Abstract: Internet of Things (IoT) is envisioned as a holistic and transformative approach for providing numerous services. Smart things, that can sense, store, and process electrical, thermal, optical, chemical, and other signals to extract user-/environment-related information, have enabled services only limited by human imagination. Despite picturesque promises of IoT-enabled systems, the integration of smart things into the standard Internet introduces several security and privacy challenges because the majority of Internet technologies, communication protocols, and sensors were not designed to support IoT.

In this presentation, I will shed light on fundamental security challenges in IoT paradigm and argue that we need to rethink the development of multiple IoT-enabled systems while taking security requirements into account. Bridging concepts from information security, machine learning, and signal processing, I will demonstrate that the threat of unintended private information leakage from seemingly non-critical data is far beyond what is currently thought possible. In particular, I will describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data collected from smartphones or Internet-connected vehicles, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user's location when all location services, e.g., Global Positioning System (GPS), are turned off.

Next, I will present a novel framework that integrates programmability and security into isolated vehicles and enables rapid development of new vehicular applications for already-in-market vehicles, significantly enhancing the vehicle security, passenger safety, and driving experience. The proposed framework is formed around a security/privacy-friendly programmable dongle (known as SmartCore) and a middlware that enables developers to interact with the vehicle's built-in components in a safe and secure manner, preventing numerous potential threats against Internet-connected vehicles.

Bio:Arsalan Mosenia is currently a postdoctoral research associate, jointly working with Profs. Mung Chiang (Purdue University) and Prateek Mittal (Princeton University). He received the B.Sc. degree in Computer Engineering from Sharif University of Technology in 2012, and the M.A. and Ph.D. in Electrical Engineering from Princeton University, in 2014 and 2016, respectively, under the supervision of Prof. Niraj K. Jha.

He is broadly interested in investigating and addressing emerging security and privacy challenges in Internet of Things (IoT) and cyber-physical systems. His interests lie at the intersection of information security, IoT, embedded systems, and machine learning.His work has uncovered fundamental security/privacy flaws in the design of multiple widely-used Internet-connected systems. His research impact includes several publications that are among the most popular papers of top-tier IEEE Transactions, multiple prestigious awards (including Princeton X, Princeton­­­ Innovation Fund, French-American Doctoral Exchange Fellowship, and Princeton IP Accelerator Fund), and extensive press coverage. Furthermore, at OpenFog Consortium, he is actively collaborating with Security Work Group, where he defines domain-specific security standards for fog computing, and Testbed Work Group, where he designs, builds, and examines novel fog-inspired real-world systems.